--- title: Creating an Aquera connection description: Use an Aquera provisioning connection to provision PingOne identities to an Aquera user store. component: pingone page_id: pingone:integrations:p1_create_aquera_connection canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_create_aquera_connection.html revdate: June 4, 2025 page_aliases: ["p1_aquera_known_limitations.adoc"] section_ids: before-you-begin: Before you begin steps: Steps result: Result: troubleshooting: Troubleshooting: result-2: Result next-steps: Next steps aquera-provisioning-known-limitations: Aquera provisioning known limitations partial-updates: Partial updates --- # Creating an Aquera connection Use an Aquera provisioning connection to provision PingOne identities to an Aquera user store. ## Before you begin You should review the information about creating users in Aquera. Learn more in [Aquera User Guide](https://support.aquera.com/hc/en-us/articles/360056052093-Aquera-User-Guide) in the Aquera documentation (Aquera account sign-on required). ## Steps 1. In the PingOne admin console, go to **Integrations > Provisioning**. 2. Click **[icon: plus, set=fa]**and then click **New Connection**. 3. On the **Identity Store** line, click **Select**. 4. On the **Aquera** tile, click **Select**. Click **Next**. 5. Enter a name and description for the provisioning connection. The connection name appears in the provisioning list after you save the connection. 6. Click **Next**. 7. In the **Configure Authentication** section, enter the values for the following fields: | Field | Value | | ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Aquera SCIM URL** | The fully qualified URL to use for the SCIM resources, such as https\://api.aquera.io/scim/. You can find this information on your [Aquera Applications page](https://admin.aquera.io/securehome/endpoints). | | **Connection Profile**. | Select the authentication method to use, **Basic Auth** or **Bearer Token**. Additional fields display depending on the selected method. The type of authentication to use is determined by the target SaaS application configured in Aquera. When you set up an application in Aquera, you might be constrained by the authentication methods supported by a particular application. For example, certain applications might support OAuth tokens only, while others might support basic authentication only. | | **Basic Auth** | **Basic Auth User**: The username for the target SaaS application in Aquera. The username is configured during the application setup in Aquera.**Basic Auth Password**: The password for the target SaaS application in Aquera. The password is configured during the application setup in Aquera. | | **Bearer token** | **OAuth Access Token**: Enter the OAuth access token value for the target SaaS application in Aquera. | 8. Click **Test Connection** to verify that PingOne can establish a connection to Aquera. ### Result: If there are any issues with the connection, a **Test Connection Failed** modal opens. Click **Next** to resume the setup with an invalid connection. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | You can't use the connection for provisioning until you've established a valid connection to Aquera. To retry, click **Cancel** in the **Test Connection Failed** modal and repeat step 7. | ### Troubleshooting: Learn more about troubleshooting your connection in [Troubleshooting test connection failure](p1_provisioning_troubleshooting_test_connection_failure.html). 9. In the **Configure Preferences** and **Users Actions** sections, configure the following: | Field | Description | | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Enable users creation** | Determines whether to create a user in the target identity store when the user is created in the source identity store. | | **Enable users updation** | Determines whether to update user attributes in the target identity store when the user is updated in the source identity store.If **Enable users updation** is selected, you can choose to select **Enable users disable** which determines whether to disable a user in the target identity store when the user is disabled in the source identity store. | | **Enable users deprovision** | Determines whether to deprovision a user in the target identity store when the user is deprovisioned in the source identity store.If Enable users deprovision is selected, the following configurations appear.- **Remove Action**: Determines whether to remove or disable a user in the target identity store when the user is deleted in the source identity store. Select **Delete** or **Disable**. Remove Action is only available if you select Enable users disable. - **Deprovision on rule deletion**: Determines whether to deprovision users if the associated provisioning rule is deleted. | 10. Click **Save**. 11. To enable the connection, click the toggle at the top of the details panel to the right (blue). | | | | - | ------------------------------------------------------------------------- | | | You can disable the connection by clicking the toggle to the left (gray). | ## Result The Aquera provisioning connection is complete and added to the list of provisioning connections on the **Provisioning** page. ## Next steps Define which users are provisioned and how attributes are mapped between PingOne and an external identity store. Learn more in [Creating an outbound rule](p1_create_provisioning_rule_outbound.html). ## Aquera provisioning known limitations The following are known issues and limitations with Aquera user provisioning. ### Partial updates If the downstream provisioning from Aquera is provisioning to a service provider that doesn't support partial update operations, you cannot disable a user on deprovisioning because deprovisioning will be converted to a partial update operation rather than a delete operation.